But Banco de España says the DDoS disruption didn't have any effect on the organization's operations. It said communications with the European Central Bank were unaffected and that there was no evidence that it had suffered any type of data breach.

"We suffered a denial of service attack that intermittently affected access to our website, but it had no effect on the normal functioning of the entity," a spokeswoman tells Information Security Media Group. "As we are the national central bank of Spain, not a commercial bank, we offer no banking services - on-site or online - to individuals nor firms."

As of Tuesday, the bank says its website has been functioning normally.

News that Banco de España's website had been disrupted by a DDoS attack on Monday was first reported by Reuters.

The intermittent disruptions of the Banco de España website are a reminder that procuring DDoS attacks, while illegal, remains relatively easy. A number of websites continue to offer so-called "stresser/booter" services that allow anyone to order up a DDoS attack. Such attacks are typically delivered by stresser/booter service administrators via bot-infected PCs.

Ongoing Arrests

In April, police in Europe announced that they had seized Webstresser.org, believed to be the world's largest provider of DDoS-on-demand services. Authorities said the site boasted 136 million registered users and had launched more than 4 million attacks against websites - ranging from banks and government agencies to police forces and gaming sites. As part of the takedown, six of the site's suspected top administrators were also arrested in the United Kingdom, Croatia, Canada and Serbia (see Police Seize Webstresser.org, Bust 6 Suspected Admins).

The EU's law enforcement intelligence agency, Europol, also reported that some of the site's suspected top users were arrested in Australia, Canada, Croatia, Hong Kong, Italy, the Netherlands, Spain and the U.K.

Despite such disruptions, however, Darren Anstee of Arbor Networks says a number of rival stresser/booter services remain, and it's unlikely there will be any downturn in DDoS-on-demand attack volume (see Life After Webstresser Disruption: No DDoS Holiday).

Rock-Bottom Attack Costs

Last year, Kaspersky Lab reported that one Russian-language provider was marketing a DDoS-on-demand service for $50 per day.

But some offer attacks for as little as $10 per hour, according to security firm Armor's review of cybercrime forum and darknet offerings, published earlier this year. It said some services were advertising a week-long attack for as little as $500.

Last year, the FBI urged organizations that have been targeted with DDoS attacks - which are sometimes accompanied by extortion attempts - to come forward, so law enforcement agencies could glean better intelligence on such attacks.

Top DDoS Targets

DDoS defense firms have different perspectives on which industries are most targeted by such disruptions, most likely stemming in part from the different types of industries they serve.

Arbor Netscout, in a report that reviews DDoS attacks it tracked in the first half of this year, says the top five targeted verticals were:

Wired communications carriers (793,377 attacks);

Telecommunications (491,314 attacks);

Data processing, hosting and related services (316,395 attacks);

Wireless telecommunications carriers (157,388 attacks);

Software publishers (44,724 attacks).

Meanwhile, DDoS defense provider VeriSign reports that in the first quarter of this year, the most-targeted sector was financial services, which accounted for 57 percent of its mitigation activity. That was followed by IT services firms (26 percent of its mitigation activity) and telecommunications (17 percent).

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
